change(jwt-auth): unify apisix/core/vault.lua and apisix/secret/vault.lua #8660
Conversation
apisix/plugins/jwt-auth.lua
Outdated
| local new_tab = require ("table.new") | ||
| local secrets = require("apisix.admin.secrets") |
There was a problem hiding this comment.
All functions in apisix.admin.secrets are only used to configure secret manager. It should not be called from plugins.
If you want to use the secret manager function, you should use the get function in apisix.secret
apisix/plugins/jwt-auth.lua
Outdated
| @@ -252,15 +253,12 @@ end | |||
| local function get_secret(conf, consumer_name) | |||
| local secret = conf.secret | |||
| if conf.vault then | |||
There was a problem hiding this comment.
Just delete the vault-related configuration directly, because we have already retrieved and replaced the configuration of all auth plugins (type = "auth") in the consumer.
https://github.com/apache/apisix/blob/master/apisix/consumer.lua#L107
shreemaan-abhishek
changed the title
shreemaan-abhishek
changed the title
|
After deleting a configuration, a break change is introduced in APISIX, so the title of the PR should be Other legitimate headers can be seen here: https://github.com/apache/apisix/blob/master/.github/workflows/semantic.yml#L23 |
shreemaan-abhishek
changed the title
|
Should also update doc: https://github.com/apache/apisix/blob/master/docs/en/latest/plugins/jwt-auth.md If you are interested, you can update the Chinese documentation at the same time, you can use the tool to translate. |
|
How should this be handled?
|
|
A link should be added after the field, pointing to APISIX Secret |
As described in the comments, this code fits into three possible scenarios. So, just remove some of the comments |
|
Vault related links in this chapter should be updated https://github.com/apache/apisix/blob/master/docs/en/latest/getting-started.md#features |
apisix/plugins/jwt-auth.lua
Outdated
| if public_key and private_key then | ||
| return public_key, private_key | ||
| elseif public_key and not private_key then | ||
| return public_key, nil, "missing private key" |
There was a problem hiding this comment.
There was a problem hiding this comment.
should we add a nil check there? I think we should. Even the previous implementation would return nil in some cases. Not sure why it is not being checked.
There was a problem hiding this comment.
apisix/apisix/plugins/jwt-auth.lua
Line 347 in 9c899b8
Here we check if public_key is nil to detect the err.
There was a problem hiding this comment.
I am not quite sure what you are trying to say, could you please elaborate? 😅
There was a problem hiding this comment.
Can we drop
apisix/conf/config-default.yaml
Line 253 in 4131fbf
shreemaan-abhishek
requested review from
soulbird and
spacewander
and removed request for
soulbird and
spacewander
| elseif not public_key and private_key then | ||
| return nil, nil, "missing public key" | ||
| else | ||
| return nil, nil, "public and private keys are missing" |
There was a problem hiding this comment.
I didn't remove the elseif statements so that a better error message could be returned. Let me know if this is not up to the mark.
* upstream/master: (67 commits) fix: grpc-transcode plugin: fix map data population (apache#8731) change(jwt-auth): unify apisix/core/vault.lua and apisix/secret/vault.lua (apache#8660) feat: stream subsystem support consul_kv service discovery (apache#8633) fix(proxy-mirror): use with uri rewrite (apache#8718) ci: move helper script to the right dir (apache#8691) refactor(pubsub): simpify the get_cmd implementation (apache#8608) feat: stream subsystem support kubernetes service discovery (apache#8640) docs: fix deployment links (apache#8714) fix: remove backslash before slash when encoding (apache#8684) ci: kafka should register port in the zookeeper same as exposed (apache#8672) docs: fix plugin config naming (apache#8701) docs: fix code block (apache#8700) docs: rename kms to secret (apache#8697) docs: replace transparent logos with white background logos (apache#8689) fix: upgrade lua-resty-etcd to 1.10.3 (apache#8668) fix: upgrade casbin to 1.41.3 to improve performance (apache#8676) chore: make send_stream_request more clear (apache#8627) feat: stream subsystem support nacos service discovery (apache#8584) feat: stream subsystem support dns service discovery (apache#8593) refactor(admin): refactor resource routes (apache#8611) ...
Description
Fixes #8424
Checklist